jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
eacb4d4df337c63c9edad2612c2e19594cc6c309
danbooru/app/policies/application_policy.rb
evazion eacb4d4df3 models: factor out api_attributes to policies. 
Refactor models so that we define attribute API permissions in policy
files instead of directly in models.

This is cleaner because a) permissions are better handled by policies
and b) which attributes are visible to the API is an API-level concern
that models shouldn't have to care about.

This fixes an issue with not being able to precompile CSS/JS assets
unless the database was up and running. This was a problem when building
Docker images because we don't have a database at build time. We needed
the database because `api_attributes` was a class-level macro in some
places, which meant it ran at boot time, but this triggered a database
call because api_attributes used database introspection to get the list
of allowed API attributes.
2020-06-08 18:38:02 -05:00

77 lines
1.1 KiB
Ruby
Raw Blame History

class ApplicationPolicy
attr_reader :user, :request, :record
def initialize(context, record)
@user, @request = context
@record = record
end
def index?
true
end
def show?
index?
end
def search?
index?
end
def new?
create?
end
def create?
unbanned?
end
def edit?
update?
end
def update?
unbanned?
end
def destroy?
update?
end
def unbanned?
user.is_member? && !user.is_banned? && verified?
end
def verified?
user.is_verified? || user.is_gold? || !user.requires_verification?
end
def policy(object)
Pundit.policy!([user, request], object)
end
def permitted_attributes
[]
end
def permitted_attributes_for_create
permitted_attributes
end
def permitted_attributes_for_update
permitted_attributes
end
def permitted_attributes_for_new
permitted_attributes_for_create
end
def permitted_attributes_for_edit
permitted_attributes_for_update
end
def api_attributes
record.class.attribute_types.reject { |name, attr| attr.type.in?([:inet, :tsvector]) }.keys.map(&:to_sym)
end
end
Reference in New Issue View Git Blame Copy Permalink